Let’s say you want to get data from a box but there’s no shell (remember “Where there is a shell, there is a way-Unix” ) or there is no alternative option to collect information about a user. Well, there is, now you have this.
This is a proof-of-concept code by Zalewski, a Google Security Researcher
I tried it and worked both in Opera and Chrome, Firefox with NoScript add on failed (obvious). Firefox without NoScript worked well enough.
Hopefully, I’ll comment more about this exploit sometime later
Have fun reading the PoC code